The attachment is named "message.zip", and detection by AV is still thin to nonexistent. When run, the code tries to pull additional files from web servers in Russia, so if you have a chance, you might consider blocking the following domains on your proxy / perimeter:

1gb.ru / t35.com / hzs.nm.ru / users.cjb.net / h16.ru

Yikes!
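To see whether any client has already reached one of the domains listed above, the proxy log can be checked with a label-boundary match, so that subdomains are caught and look-alike names are not. This is an added example, not part of the original post; the three-field log layout (client, method, URL) and the sample lines are constructed assumptions.

```python
from urllib.parse import urlsplit

# Domains named in the post above.
BLOCKED = ("1gb.ru", "t35.com", "hzs.nm.ru", "users.cjb.net", "h16.ru")

def host_of(target):
    """Return the lowercase hostname from a URL or a CONNECT-style host:port."""
    if "://" not in target:
        target = "//" + target          # let urlsplit parse a bare host:port
    host = urlsplit(target).hostname or ""
    return host.rstrip(".").lower()     # drop a trailing root dot

def blocked_match(host, blocked=BLOCKED):
    """Return the listed domain that host equals or is a subdomain of, else None."""
    for domain in blocked:
        # Match on a label boundary: "x.1gb.ru" hits, "not1gb.ru" does not.
        if host == domain or host.endswith("." + domain):
            return domain
    return None

def scan(log_lines, url_field=2):
    """Yield-style scan: list of (client, host, matched_domain) per hit."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) <= url_field:
            continue                    # skip short or malformed lines
        host = host_of(fields[url_field])
        domain = blocked_match(host)
        if domain:
            hits.append((fields[0], host, domain))
    return hits

# Constructed sample lines (assumed layout: client IP, method, URL).
SAMPLE_LOG = [
    "10.0.0.15 GET http://example.1gb.ru/file",
    "10.0.0.22 GET http://www.not1gb.ru/index.html",
    "10.0.0.31 CONNECT users.cjb.net:443",
    "10.0.0.31 GET http://www.cjb.net/",
    "10.0.0.40 GET http://H16.RU./x",
    "malformed",
]

if __name__ == "__main__":
    for client, host, domain in scan(SAMPLE_LOG):
        print(client, host, "matches", domain)
```

Clients that show up in the output after receiving the attachment are the ones to look at first.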