_WinMain16():
	KERNEL32.GetModuleFileNameA
	KERNEL32.CreateThread
	KERNEL32.SetFileAttributesA
	KERNEL32.Sleep

sub_401000(237d):
	KERNEL32.LoadLibraryA
	KERNEL32.FreeLibrary

	"ntdll.dll"
	"RtlDecompressBuffer"
	"RtlGetCompressionWorkSpaceSize"

sub_40185E(5d2d):
	KERNEL32.ResumeThread

StartAddress(8c6a):
	USER32.SendMessageA

	"Windows Security Alert"

sub_405795(9db0):
	KERNEL32.GetModuleHandleA
	KERNEL32.GetProcAddress

	"SetThreadContext"
	"kernel32.dll"

sub_4057B2(9db0):
	KERNEL32.GetModuleHandleA
	KERNEL32.GetProcAddress

	"NtUnmapViewOfSection"
	"ntdll.dll"

sub_405778(9db0):
	KERNEL32.GetModuleHandleA
	KERNEL32.GetProcAddress

	"ReadProcessMemory"
	"kernel32.dll"

sub_40188A(a947):
	KERNEL32.CreateFileA
	KERNEL32.GetFileSize
	KERNEL32.ReadFile

	"6jhgfhgfkjhljhfkjhgftre54"
	"68hkmgfjgfhjhgjgfdsgsfdgfdte"

sub_4016F7(abc1):
	KERNEL32.VirtualProtectEx
	NTDLL.ZwUnmapViewOfSection
	KERNEL32.GetModuleHandleA
	KERNEL32.GetProcAddress
	KERNEL32.SetThreadContext

	"WriteProcessMemory"
	"kernel32.dll"

sub_401604(d326):
	KERNEL32.VirtualQueryEx

sub_40161C(fc6d):
	KERNEL32.CreateProcessA
	KERNEL32.GetThreadContext
	KERNEL32.ReadProcessMemory
	USER32.MessageBoxA

	"hgsfdg76fd78g6fdsuretjwmnbjhfsdghfsgdyf"...
	"i780897olkgjtyy6w54wtgt54w643r32qrhggfd"...