Public | Automated Build

Last pushed: 2 years ago
Short Description
Pescanner Static Malware Analysis Tool for Windows PE Files
Full Description

This Dockerfile builds a Docker image that encapsulates the pescanner tool created by Michael Ligh for performing static analysis of suspicious Windows PE files. The image uses the version of the tool that Glenn P. Edwards Jr. modified to add imphash support. The original version was distributed with the book Malware Analyst's Cookbook. The Dockerfile was contributed to the REMnux collection by Adric Net. The Docker image built by this file includes:

  • Ubuntu base
  • python-magic, yara, python-yara, pip and clamav, installed with apt (all in multiverse)
  • capabilities.yara, userdb.txt, pefile
  • pydasm via libdasm (needed for imphash calculations)

To run this image after installing Docker, use a command like this, replacing ~/workdir with the path to your working directory on the underlying host:

sudo docker run --rm -it -v ~/workdir:/home/nonroot/workdir remnux/pescanner bash

This will launch the bash shell in the container, at which point you can run the "pescanner" command to scan the desired file. Before running the application, create ~/workdir on your host and make it world-accessible (chmod a+xwr).
