Here is a good list of urls where you can download malware samples:

https://zeltser.com/malware-sample-sources/

For many of them, the malware samples are zipped files and the password to unzip them is:

    infected


Some samples have got the .bin extension. This is deliberately done in order to prevent you 
from accidentally executing them. 

If you want to execute them you need to change the .bin extension to .exe extension. Remember to
use a virtual machine to do malware analysis. However, for static analysis, there is no need to
rename them to the .exe extension.