May 15, 2021

IDP.Alexa.53 on custom Powershell script

Hello,

I was developing a simple powershell script that retrieve information in some PDFs. It runes without problems in the ISE (the development tool for Powershell), but as soon as I try to run it with the “run with powershell” function in Windows, I get a Avast popup with error IDP. Alexa.53 on my script.

I put the file in quarantine and I ran an Avast and MalewareByte scan, both of them didn’t detected anything. My script uses an external dll, which I scan on virusTotal with these results : [https://www.virustotal.com/gui/file/beb5c25eb5f659cbb2574f3eaddda35c5b18e860558daac4533b4ed98e29bd55/detection](https://www.virustotal.com/gui/file/beb5c25eb5f659cbb2574f3eaddda35c5b18e860558daac4533b4ed98e29bd55/detection), so it seemed fine…

What should I do ?

Here are the scripts file (there are two of them, Avast reported the first) :

#on initialise les variables
#$sourceFolder = “H:TEMP”
#$destCSV = “H:TEMPKIT.csv”
$sourceFolder = “.”
$destCSV = “.TEST_KIT.csv”
$compteur = 0

#on crée le .csv
Set-Content -Path $destCSV -Value “No Prestation;No config;No Sous-prestation;No Immeuble;No Objet;Date début;Date fin;No Locataire;Date prestation;Switch locataire”

#pour chaque fichier
foreach ($file in Get-ChildItem -Path $sourceFolder){

#si l’extension est .pdf
if ($file.Name -match “^(homePad)(-)(d{2})(-)(d{2})(-)(d{4})(-)(.+)(-)(d+)(.pdf)$”){

#on récupère la date
$tabDate = $file.Name.Split(“-“)
$dateFormatee = $($tabDate[1] + “.” + $tabDate[2] + “.” + $tabDate[3])

#enregistrer la fonction
. “.Import-PDFText.ps1”

#on récupère le contenu du pdf
$fileContent = $file | Import-PDFText
$tabPDF = $fileContent.ToString().Split(“`n”)

#on récupère les informations
foreach ($line in $tabPDF) {
if ($line -like “Objet (Réf. :*”) {
$objetImmeuble = $line.Split(“/”)
$numImmeuble = $objetImmeuble[1]
$numObjet = $objetImmeuble[2].Substring(0, $objetImmeuble[2].Length – 1)
} elseif ($line -like “Locataire entrant (Réf. :*”) {
$numLocataire = $line.Split(“/”)[2]
break
}
}

#on vérifie que les informations sont correctes
if (($numImmeuble -match “^d{4}$”) -and ($numObjet -match “^d{5,6}$”) -and ($numLocataire -match “^d{5}$”) -and ($dateFormatee -match “^(d{2}).(d{2}).(d{4})$”)) {
#on ajoute la ligne
try {
Add-Content -Path $destCSV -Value $(“3;5;501;$numImmeuble;$numObjet;;;$numLocataire;$dateFormatee;”) -Force -ErrorAction Stop
$compteur = $compteur + 1
} catch {
Write-Error “Erreur lors de l’écriture dans le fichier, assurez vous que le fichier est bien fermé et réessayez.”
$wshell = New-Object -ComObject Wscript.Shell -ErrorAction Stop
$wshell.Popup(“Erreur lors de l’écriture dans le fichier, assurez vous que le fichier est bien fermé et réessayez.”, 30, “Erreur”, 16+0) | Out-Null
pause
exit
}
}else{
Write-Host $($file.basename + ” n’a pu être traité”)
}
} else {
Write-Host $($file.basename + ” a été ignoré”)
}
}

#on affich un rapport à l’utilisateur
$wshell = New-Object -ComObject Wscript.Shell -ErrorAction Stop
$wshell.Popup($compteur.ToString() + ” fichiers ont enregistré dans ” + $destCSV, 30, “Résultat”, 64+0) | Out-Null

pause

​

function Import-PDFText {
<#
.SYNOPSIS
Import-PdfText
Imports the raw text data of a PDF file as readable text.
.DESCRIPTION
Takes the path of a PDF file, loads the file in and converts the text into readable
string data, before outputting it as a complete string.
.EXAMPLE
PS C:> Import-PDFText -Path .Test.pdf | Set-Content $env:Temptest.txt

Returns all of the text in Test.pdf as a string using StringBuilder and stores it to a
file in the temp folder.
.INPUTS
Takes a file path as pipeline input.
.OUTPUTS
Outputs the entire text content of the PDF file as string.
.NOTES
Requires the iTextSharp library, which can be downloaded from here:
https://sourceforge.net/projects/itextsharp/

Place the DLL in the same folder as the script, and execute the function.
#>
[CmdletBinding()]
Param(
[Parameter(Mandatory, Position = 0, ValueFromPipeline)]
[ValidateScript({ Test-Path $_ })]
[string]
$Path
)
begin {
if (-not ([System.Management.Automation.PSTypeName]’iTextSharp.Text.Pdf.PdfReader’).Type) {
Add-Type -Path “$PSScriptRootitextsharp.dll”
}
}
process {
$Reader = New-Object ‘iTextSharp.Text.Pdf.PdfReader’ -ArgumentList $Path
$PdfText = New-Object ‘System.Text.StringBuilder’

for ($Page = 1; $Page -le $Reader.NumberOfPages; $Page++) {
$Strategy = New-Object ‘iTextSharp.Text.Pdf.Parser.SimpleTextExtractionStrategy’
$CurrentText = [iTextSharp.Text.Pdf.Parser.PdfTextExtractor]::GetTextFromPage($Reader, $Page, $Strategy)
$PdfText.AppendLine([System.Text.Encoding]::UTF8.GetString([System.Text.ASCIIEncoding]::Convert([System.Text.Encoding]::Default, [System.Text.Encoding]::UTF8, [System.Text.Encoding]::Default.GetBytes($CurrentText)))) | Out-Null
}
$Reader.Close()

$PdfText.ToString()
}

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: By filling this form and submitting your commen, you acknowledge, agree and comply with our terms of service. In addition you acknowledge that you are willingly sharing your email address with AiOWikis and you might receive notification emails from AiOWikis for comment notifications. AiOWiksi guarantees that your email address WILL NOT be used for advertisement or email marketting purposes.

This site uses Akismet to reduce spam. Learn how your comment data is processed.