I wanted to send this file to AJ1479 but I did not want anyone else to see what's inside it, so I protected it with a pin.
The given zip file is password protected, which can be cracked using
fcrackzip -v -u -D -p rockyou.txt panda.zip
The password was
2611. After extracting the zip file using the password, we got two images, one was the messed up version of the other. On analysing using
xxd, it was clear that some parts of the original image was replaced in the messed up image (with the flag). A simple Go program which prints the changed bytes (the flag):