diff --git a/src/modules/module_25400.c b/src/modules/module_25400.c
index 5dbbe8dc3..39ef9e50f 100644
--- a/src/modules/module_25400.c
+++ b/src/modules/module_25400.c
@@ -56,6 +56,7 @@ typedef struct pdf
   u32  id_buf[8];
   u32  u_buf[32];
   u32  o_buf[32];
+  u8   u_pass_buf[64];
 
   int  id_len;
   int  o_len;
@@ -152,6 +153,10 @@ u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED con
 
 int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
 {
+  char *input_buf = (char *) line_buf;
+  int   input_len = line_len;
+
+  // based on m22000 module_hash_decode() we detect both the hashformat with and without user-password
   u32 *digest = (u32 *) digest_buf;
 
   pdf_t *pdf = (pdf_t *) esalt_buf;
@@ -232,8 +237,106 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
   token.attr[11]    = TOKEN_ATTR_VERIFY_LENGTH
                     | TOKEN_ATTR_VERIFY_HEX;
 
-  const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token);
+  int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); // was a const, now no longer, as we need it again for the new hashformat
 
+  //check if hashformat without user-password is detected
+  if (rc_tokenizer == PARSER_OK)
+  {
+    char tmp_buf[1024];
+    int  tmp_len;
+
+    tmp_len = snprintf (tmp_buf, sizeof (tmp_buf), "%s*", line_buf); // simply add an extra asterisk to denote a empty user-password
+
+    input_buf = tmp_buf;
+    input_len = tmp_len;
+  }
+
+
+  //token_t token; should we first destroy token?
+
+  token.token_cnt  = 13;
+
+  token.signatures_cnt    = 1;
+  token.signatures_buf[0] = SIGNATURE_PDF;
+
+  token.len[0]     = 5;
+  token.attr[0]    = TOKEN_ATTR_FIXED_LENGTH
+                   | TOKEN_ATTR_VERIFY_SIGNATURE;
+
+  token.len_min[1] = 1;
+  token.len_max[1] = 1;
+  token.sep[1]     = '*';
+  token.attr[1]    = TOKEN_ATTR_VERIFY_LENGTH
+                   | TOKEN_ATTR_VERIFY_DIGIT;
+
+  token.len_min[2] = 1;
+  token.len_max[2] = 1;
+  token.sep[2]     = '*';
+  token.attr[2]    = TOKEN_ATTR_VERIFY_LENGTH
+                   | TOKEN_ATTR_VERIFY_DIGIT;
+
+  token.len_min[3] = 3;
+  token.len_max[3] = 3;
+  token.sep[3]     = '*';
+  token.attr[3]    = TOKEN_ATTR_VERIFY_LENGTH
+                   | TOKEN_ATTR_VERIFY_DIGIT;
+
+  token.len_min[4] = 1;
+  token.len_max[4] = 6;
+  token.sep[4]     = '*';
+  token.attr[4]    = TOKEN_ATTR_VERIFY_LENGTH;
+
+  token.len_min[5] = 1;
+  token.len_max[5] = 1;
+  token.sep[5]     = '*';
+  token.attr[5]    = TOKEN_ATTR_VERIFY_LENGTH
+                   | TOKEN_ATTR_VERIFY_DIGIT;
+
+  token.len_min[6] = 2;
+  token.len_max[6] = 2;
+  token.sep[6]     = '*';
+  token.attr[6]    = TOKEN_ATTR_VERIFY_LENGTH
+                   | TOKEN_ATTR_VERIFY_DIGIT;
+
+  token.len_min[7] = 32;
+  token.len_max[7] = 64;
+  token.sep[7]     = '*';
+  token.attr[7]    = TOKEN_ATTR_VERIFY_LENGTH
+                   | TOKEN_ATTR_VERIFY_HEX;
+
+  token.len_min[8] = 2;
+  token.len_max[8] = 2;
+  token.sep[8]     = '*';
+  token.attr[8]    = TOKEN_ATTR_VERIFY_LENGTH
+                   | TOKEN_ATTR_VERIFY_DIGIT;
+
+  token.len_min[9] = 64;
+  token.len_max[9] = 64;
+  token.sep[9]     = '*';
+  token.attr[9]    = TOKEN_ATTR_VERIFY_LENGTH
+                   | TOKEN_ATTR_VERIFY_HEX;
+
+  token.len_min[10] = 2;
+  token.len_max[10] = 2;
+  token.sep[10]     = '*';
+  token.attr[10]    = TOKEN_ATTR_VERIFY_LENGTH
+                   | TOKEN_ATTR_VERIFY_DIGIT;
+
+  token.len_min[11] = 64;
+  token.len_max[11] = 64;
+  token.sep[11]     = '*';
+  token.attr[11]    = TOKEN_ATTR_VERIFY_LENGTH
+                    | TOKEN_ATTR_VERIFY_HEX;
+
+
+  token.len_min[12] = 0;
+  token.len_max[12] = 64; // arbitrarily limit user-password length to 64 now
+  token.sep[12]     = '*';
+  token.attr[12]    = TOKEN_ATTR_VERIFY_LENGTH;
+
+  rc_tokenizer = input_tokenizer ((const u8 *) input_buf, input_len, &token);
+
+  // detect hashformat including the user-password
   if (rc_tokenizer != PARSER_OK) return (rc_tokenizer);
 
   const u8 *V_pos      = token.buf[1];
@@ -247,6 +350,7 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
   const u8 *u_buf_pos  = token.buf[9];  // user hash
   const u8 *o_len_pos  = token.buf[10];
   const u8 *o_buf_pos  = token.buf[11]; // owner hash
+  const u8 *u_pass_buf_pos  = token.buf[12]; // user password (optional)
 
   // validate data
 
@@ -287,6 +391,9 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
   pdf->R = R;
   pdf->P = P;
 
+  //printf("\n\n u_pass_buf_pos: %s\n\n", u_pass_buf_pos);
+  memcpy ( pdf->u_pass_buf , u_pass_buf_pos, 64);
+
   pdf->enc_md = enc_md;
 
   pdf->id_buf[0] = hex_to_u32 (id_buf_pos +  0);