Rating:

If you check the image using hex editor, There is a string after EOF.
You can extract flag from image by using that string for password