_WinMain16():
	KERNEL32.GetModuleFileNameA
	KERNEL32.CreateThread
	KERNEL32.SetFileAttributesA
	KERNEL32.Sleep

sub_401000(2500):
	KERNEL32.LoadLibraryA
	KERNEL32.FreeLibrary

	"ntdll.dll"
	"RtlDecompressBuffer"
	"RtlGetCompressionWorkSpaceSize"

sub_40196F(4af1):
	ADVAPI32.GetUserNameA

	"USER"
	"CurrentUser"

sub_401855(5d2d):
	KERNEL32.ResumeThread

sub_4019FA(65f5):
	KERNEL32.GetModuleHandleA
	KERNEL32.GetProcAddress
	KERNEL32.GetCurrentProcess
	KERNEL32.ReadProcessMemory

	"CreateProcessA"
	"KERNEL32.dll"

sub_401881(79db):
	KERNEL32.CreateFileA
	KERNEL32.GetFileSize
	KERNEL32.ReadFile

	"6897u546gfd78ui54wn8 gtrewyt rewy tre54"...
	"689yt	s78eyg67bsdf67tewa78ytijn4qhkte"

StartAddress(8c6a):
	USER32.SendMessageA

	"Windows Security Alert"

sub_405892(9db0):
	KERNEL32.GetModuleHandleA
	KERNEL32.GetProcAddress

	"NtUnmapViewOfSection"
	"ntdll.dll"

sub_405858(9db0):
	KERNEL32.GetModuleHandleA
	KERNEL32.GetProcAddress

	"ReadProcessMemory"
	"kernel32.dll"

sub_405875(9db0):
	KERNEL32.GetModuleHandleA
	KERNEL32.GetProcAddress

	"SetThreadContext"
	"kernel32.dll"

sub_4016EE(abc1):
	KERNEL32.VirtualProtectEx
	NTDLL.ZwUnmapViewOfSection
	KERNEL32.GetModuleHandleA
	KERNEL32.GetProcAddress
	KERNEL32.SetThreadContext

	"WriteProcessMemory"
	"kernel32.dll"

sub_4015FB(d326):
	KERNEL32.VirtualQueryEx

sub_4019CA(e292):
	KERNEL32.CreateFileA
	KERNEL32.CloseHandle

	"\\\\.\\NTICE"

sub_401613(fc6d):
	KERNEL32.CreateProcessA
	KERNEL32.GetThreadContext
	KERNEL32.ReadProcessMemory
	USER32.MessageBoxA

	"f78ret64375u435r q43tr67fstgdyfsew6r65f"...
	"mnbbntrew t regfsdhfiasjdkfjasopdifisdu"...