One of the government institutions in Poland noticed a significant data breach from its employees' workstations. After a short analysis, we found that software used for processing classified information had been backdoored. One of these binaries was 7-Zip 9.20, which was adding something to the archives it created under certain conditions.
$ md5sum 7za*
44362c32bc101c3139f41e9b1bd04a96  7za.exe
42badc1d2f03a8b1e4875740d3d49336  7za_original.exe
We have two files: one from the compromised machine and the original downloaded from the 7-Zip webpage. Are you able to find the backdoor?
Flag format:
ecsc{letters_digits_and_special_characters}
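A first step for the comparison described above, as an added example that is not part of the original challenge text: list the byte ranges where the two builds differ and name the PE section of the original that each range falls in. The function names and the small PE-like sample buffers are constructed for illustration; on the real files, pass the contents of 7za_original.exe and 7za.exe to locate().

```python
import struct

def pe_sections(data):
    """Return [(name, raw_offset, raw_size)] from a PE file's section table."""
    pe, = struct.unpack_from("<I", data, 0x3C)            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    # COFF header: Machine, NumberOfSections, 12 skipped bytes, SizeOfOptionalHeader, Characteristics
    _, nsec, opt, _ = struct.unpack_from("<HH12xHH", data, pe + 4)
    table = pe + 24 + opt                                 # section table follows optional header
    secs = []
    for i in range(nsec):
        name, _, _, rsize, roff = struct.unpack_from("<8sIIII", data, table + 40 * i)
        secs.append((name.rstrip(b"\0").decode("ascii", "replace"), roff, rsize))
    return secs

def diff_runs(a, b, gap=8):
    """Return (start, end) byte ranges where a and b differ; runs closer than gap merge."""
    runs = []
    for off in range(max(len(a), len(b))):
        if a[off:off + 1] != b[off:off + 1]:              # also catches a length mismatch
            if runs and off - runs[-1][1] < gap:
                runs[-1][1] = off + 1
            else:
                runs.append([off, off + 1])
    return [tuple(r) for r in runs]

def locate(orig, suspect):
    """Label each differing range with the section of the original it starts in."""
    secs = pe_sections(orig)
    return [(next((n for n, o, s in secs if o <= a < o + s), "(headers/overlay)"), a, e)
            for a, e in diff_runs(orig, suspect)]

def _sample():  # constructed PE-like buffer: two sections, no optional header
    buf = bytearray(0x400)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)
    buf[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x46, 2)
    struct.pack_into("<8sIIII", buf, 0x58, b".text", 0x100, 0x1000, 0x100, 0x200)
    struct.pack_into("<8sIIII", buf, 0x80, b".data", 0x100, 0x2000, 0x100, 0x300)
    return buf

ORIG = bytes(_sample())
_mod = _sample()
_mod[0x210:0x214] = b"\x90" * 4         # constructed change inside .text
_mod[0x320] = 0x41                      # constructed change inside .data
SUSPECT = bytes(_mod) + b"DATA"         # constructed bytes appended past the last section

if __name__ == "__main__":
    print(locate(ORIG, SUSPECT))
```

Ranges reported inside a code section are the ones to open in a disassembler first; ranges outside every section point at header edits or appended data.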