Tuesday 07 July 2026 05:49:44 GMT+02:00

Netcrook

HomeManifesto
News
Techcrook
Geocrook
WikicrookTeamAppContact
EnglishItalianoArabic

WIKICROOK

RCDATA

A Windows resource type used to store arbitrary binary data inside an executable.

RCDATA, short for raw binary data, is a Windows resource type that lets developers embed arbitrary bytes inside a Portable Executable (PE) file. Unlike icons, dialogs, or version metadata, an RCDATA entry can hold almost anything: configuration blobs, encrypted settings, shellcode stubs, or other file-like data. Because it lives inside the resource section, the data can be packaged with the binary instead of stored as an obvious external file.

This matters in cyber security because attackers often use RCDATA to hide malware configuration and delay analysis. A sample may look like a normal native program while its real settings sit in an embedded resource that has to be extracted, decoded, or decrypted before it is useful. Defenders look for unusual resource layouts, large opaque blobs, and code that reads resources at runtime. Resource extraction is a common first step in reversing such malware, especially when the embedded data is combined with simple obfuscation like Base64 or XOR.

← WIKICROOK index