Included in this archive is a private rootkit found in the wild that uses libcall hijacking. A detailed research analysis of how it functions has been created and is in the ncom.txt file.
796fea476f1404100a509b2b4c0c463f28d539d1bb611efada016038aad1d7a1