I've got a memory forensics presentation coming up next week and I'd like to use a
sample that will illustrate a crossview example.
Specifically, I'd like to use an example that hides from pslist on the running system
(don't want a DKOM example) but we can find it using Volatility.
I'd like it to be something running and not a process injection sample.
Does someone have a suggestion as to which one may provide a good illustration?
Thanks,
Mike