UVWATAUAVAWH – Meet The Pushy String

The title of this post is not a secret message and I am not intoxicated.

UVWATAUAVAWH happens to be the most popular string extracted from all .exe, .dll and .sys OS files on my 64-bit Windows. The string is so popular and at the same time suspicious that if you google it you will find people theorizing about it having something to do with BSODs / being a part of some internal ZeroAccess secret language.

If you convert the characters into hex:

UVWATAUAVAWH

you will get a string of bytes like these:

55 56 57 41 54 41 55 41 56 41 57 48

and these can also be represented as opcodes:

U  - push    rbp
V  - push    rsi
W  - push    rdi
AT - push    r12
AU - push    r13
AV - push    r14
AW - push    r15
H  - part of sub rsp, xxx opcode

The sequence is a very typical function prologue in 64-bit code, so typical that it is all over the place together with its variants (see below). The 'vowelized' properties of these strings remind me of an interesting paper about shellcodes that look like English text.

UVWATAUAVAWH
WATAUH
WATAUAVAWH
SUVWATAUAVAWH
SUVWATH
VWATAUAVH
SUVWATAUH
ATAUAVH
USVWATAUAVAWH
UVWATAUH
SUVWATAUAVH
SVWATAUAVAWH
USVWATH
USVWATAUH
USVWATAUAVH
VWATAUAVAWH
WAVAWH
ATAUAVAWH
VWATAUAWH
WATAVH
UVWATAUAVH
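
To make the mapping above concrete, here is an added example (not part of the original post) that decodes such strings back into the pushes they spell and flags them as prologue artifacts when triaging `strings` output. The function names and the `min_pushes` threshold are assumptions made for illustration, and the sample input is constructed.

```python
# Added example: decode "pushy" strings into the x64 bytes they spell.
# One-byte PUSH r64 is 0x50+reg; a 0x41 prefix (REX.B, ASCII 'A') selects r8-r15.
LOW = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"]
HIGH = ["r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15"]
REX_B = 0x41  # 'A'
REX_W = 0x48  # 'H': first byte of the next instruction, e.g. sub rsp, imm


def decode_prologue(s):
    """Return the instructions s encodes if it is only a run of pushes,
    optionally ending in a REX.W byte; return None for anything else."""
    data = s.encode("ascii", errors="replace")
    out, i = [], 0
    while i < len(data):
        b = data[i]
        nxt = data[i + 1] if i + 1 < len(data) else None
        if 0x50 <= b <= 0x57:
            out.append("push " + LOW[b - 0x50])
            i += 1
        elif b == REX_B and nxt is not None and 0x50 <= nxt <= 0x57:
            out.append("push " + HIGH[nxt - 0x50])
            i += 2
        elif b == REX_W and nxt is None and out:
            out.append("rex.w prefix")
            i += 1
        else:
            return None
    return out or None


def is_prologue_artifact(s, min_pushes=3):
    """Hypothetical triage filter: short words such as "PATH" also decode
    cleanly (push rax; push r12; rex.w), so require several pushes."""
    ins = decode_prologue(s)
    return ins is not None and sum(x.startswith("push") for x in ins) >= min_pushes


if __name__ == "__main__":
    # Constructed sample of `strings` output: three entries from the list
    # above mixed with ordinary strings.
    sample = ["UVWATAUAVAWH", "kernel32.dll", "SUVWATH", "PATH", "WATAUH", "WHAT"]
    for s in sample:
        tag = "prologue" if is_prologue_artifact(s) else "keep"
        print(f"{tag:9} {s:14} {decode_prologue(s)}")
```
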