Ordinarily this wouldn’t work because when Stuxnet tried to call up this code, the operating system wouldn’t recognize the names or would look for the oddly named files on disk and not be able to find them. But Stuxnet “hooked” or reprogrammed part of the Windows API—the interface between the operating system and the programs that run on top of it—so that anytime it called on these oddly named files, the operating system would simply go to Stuxnet, sitting in memory, to obtain the code instead.
