The file will only be decoded upon being double-clicked and launched. Until then the heavily obfuscated file passes through the security software undetected. Upon launching a VBScript file is written to the %TEMP% folder where it is executed to download the RAT.
Based on scans by VirusTotal, this method evades detection around 89% of the time.
The eight Identified families of malware are: