The zip attachment contains an exe file: the malware itself. Opening it triggers the infection.
Chinese hackers study anti-virus flaws to strike

Recorded Future cybersecurity experts: Unit 61419 bought small batches of English-language AV software from Western companies through intermediaries. Objective: to find flaws and exploit them in cyber-espionage attacks.
Chinese state hackers bought small multi-packs of Western anti-virus software (between 10 and 20 licenses each), according to Recorded Future cybersecurity researchers. The buyer is reportedly Unit 61419 of the Chinese army, which operated through intermediaries at the beginning of 2019. The products in question come from Kaspersky, Bitdefender, Trend Micro, ESET, Dr.Web, Sophos, Symantec, McAfee and Avira, all acquired in their English versions. According to the analysts, the group is studying the software to find flaws that can be exploited in targeted attacks. Supporting this reading, an APT known as Tick used a zero-day in Trend Micro's anti-virus that same year to hit the Japanese company Mitsubishi for cyber-espionage purposes.