Spin up a Docker container (docker run) using the remnux/pescanner image, mapping the host /tmp (or wherever your suspicious file resides) to the Docker /tmp (/tmp:/tmp), drop directly into a terminal (-it, bash), and delete Docker after use (--rm). To be clear, when mapping host directories into Docker containers its /host:/container:

docker run --rm -it -v /tmp:/tmp remnux/pescanner bash

Run “pescanner” against the suspicious files (in this case teflonhandle.exe from the “EQUATIONGROUP” sample):

pescanner teflonhandle.exe

EXTRA---VirusTotal result for “d80b479b50126d5bc1b817a5e827f416”:

results matching ""

    No results matching ""