MD5 based key derivation and RC4 encryption. Really? Example created in 2018? Microsoft should be ashamed of itself. I don't see that 1024 bit key, I see a 128 bit key created from the aforementioned MD5, and PKCS#1 RSA encryption. As for the key size "The sizes of a session key can be set when the key is generated. The key size, representing the length of the key modulus in bits, is set with the upper 16 bits of this parameter. Thus, if a 128-bit RC4 session key is to be generated, the value 0x00800000
is combined with any other dwFlags
predefined value with a bitwise-OR operation."
RC4 is relatively broken as the generated key stream is biased, AES with hardware acceleration should easily be more secure if used correctly. You want to use OAEP and an authenticated mode such as GCM (but good luck finding an example). Oh yeah and "Each of these CSPs has a default 128-bit symmetric key length for RC2 and RC4 and a 1,024-bit default key length for public key algorithms.". You should aim for at least 2048 bit and if possible 4096 bit; the latter should give you over 128 bit security.
Next year all of the crypto you see on that page will turn 30 years of age. Modern crypto has been around since Shannon (1949) with the initial big boom in the seventies, about 50 years ago. There is no 1024 bit RC4, just 128 bit RC4. The RSA key is too small using 1024 bits and please do not even thingk about copying that key derivation method for the password.
The code is not structured well at all either; the one thing you could learn from it are the calls to the cryptographic library and the way you could incrementally encrypt the file rather than doing it all in one go.