Password for rootkits.zip file is rootkits ;)

*********************************************

AFX Rootkit 2005 (AFXRootkit2005.zip)
Description: This OPEN SOURCE Delphi rootkit uses code injection and hooks the Windows native API to hide processes, modules, handles, files, ports, registry keys, etc.

FU (FU_Rootkit.zip)
Description: The FU rootkit can hide processes, elevate process privileges, fake out the Windows Event Viewer so that forensics is impossible, and even hide device drivers (NEW!). (Look, Mom, no hands!) It does all this by Direct Kernel Object Manipulation (TM); no hooking! This project has been evolving over time. It was originally conceived as a proof-of-concept. FU is a play on words from the UNIX program "su" used to elevate privilege.

HE4Hook (He4Hook215b6.zip)
Description: This is the Russian rootkit, HE4HOOK. This code is very complete.

Hacker Defender (hxdef100r.zip)
Description: Hacker Defender was a very common rootkit in the wild. It sports a user-friendly ini file that controls its behaviour. It is a 98% userland rootkit, and some source code is available. There are also commercial versions of Hacker Defender that bring new functionality together with protection against antivirus products and rootkit detectors.

Klog (Klog 1.0.zip)
Description: Klog demonstrates how to use a kernel filter driver to implement a simple key logger.

NT Rootkit (rk_044.zip)
Description: The original and first public NT ROOTKIT. It has not been updated for many years but is good for ideas.

Vanquish (vanquish-0.2.1.zip)
Description: Vanquish is a DLL-injection-based Romanian rootkit that hides files, folders, and registry entries, and logs passwords.