diff --git a/lib/metasploit/framework/password_crackers/jtr/formatter.rb b/lib/metasploit/framework/password_crackers/jtr/formatter.rb
index aaedc66ca1..b9d2c7da2a 100644
--- a/lib/metasploit/framework/password_crackers/jtr/formatter.rb
+++ b/lib/metasploit/framework/password_crackers/jtr/formatter.rb
@@ -58,8 +58,12 @@ def hash_to_jtr(cred)
       hash = cred.private.data.end_with?(':0:0') ? cred.private.data : "#{cred.private.data}:0:0"
       return "#{cred.public.username}:#{hash}"
     when /Raw-MD5u/
-      # not md5-crypt, just an md5. Avira uses this with unicode
-      # the trailing : shows an empty salt, JTR and hashcat compatible
+      # This is just md5(unicode($p)), where $p is the password.
+      # Avira uses to store their passwords, there may be other apps that also use this though.
+      # The trailing : shows an empty salt. This is because hashcat only has one unicode hash
+      # format which is combatible, type 30, but that is listed as md5(utf16le($pass).$salt)
+      # with a sample hash of b31d032cfdcf47a399990a71e43c5d2a:144816. So this just outputs
+      # The hash as *hash*: so that it is both JTR and hashcat compatible
       return "#{cred.private.data}:"
     else
       # /mysql|mysql-sha1/