The phony court document is a RAR archive that contains a malicious Visual Basic Script named “Processo Trabalhista.vbs” or “Labor Lawsuit.vbs.” When executed, it downloads a Base64 encoded text file (file4.txt), saves it on the now-infected system, and then executes additional malware.

RAR and VBscript, is it 2006?