Hi Fosforo, I'm afraid I was not clear, but thanks for the URL.
I'm looking for a suggestion of a sample NAME that had those characteristics I was looking for.
I use malwaredomainlist too; and if I did not have a sample, I'd probably look for one there.
I will be using a VM in the demo so it would have to run in a demo and illustrate the crossview technique.
> From: fosforo@gmail.com
> Date: Thu, 3 May 2012 02:47:02 -0300
> Subject: Re: [Vol-users] Need to pick a malware for a demo
> To: dragonforen@hotmail.com
> CC: vol-users@volatilityfoundation.org
>
> have fun.
>
> http://www.malwaredomainlist.com/mdl.php
>
> --
> []s Fosforo
> -------------------------------------------------------------
> "Only the wisest and stupidest of men never change."
> -Confusio
> -------------------------------------------------------------
>
>
> On Thu, May 3, 2012 at 1:32 AM, Mike Lambert <dragonforen@hotmail.com> wrote:
> > I've got a memory forensics presentation coming up next week and I'd like to
> > use a sample that will illustrate a crossview example.
> >
> > Specifically, I'd like to use an example that hides from pslist on the
> > running system (don't want a DKOM example) but we can find it using
> > Volatility.
> > I'd like it to be something running and not a process injection sample.
> >
> > Does someone have a suggestion which one may provide a good illustration?
> >
> > Thanks,
> > Mike
> >
> >
> > _______________________________________________
> > Vol-users mailing list
> > Vol-users@volatilityfoundation.org
> > http://lists.volatilityfoundation.org/mailman/listinfo/vol-users
> >