# Is MainDab a virus?

## MainDab is not a virus

{% hint style="info" %}
**tl;dr**

MainDab is not obfuscated, and you are free to inspect MainDab's code.
{% endhint %}

It comes as no surprise that many so-called "Roblox exploits" are in fact malware. [Such malware is easy to find on GitHub](https://github.com/search?q=roblox+exploit+keyless&type=repositories&s=updated&o=desc). It is therefore reasonable to be concerned about whether MainDab is malware.

In this section, we will discuss whether or not MainDab is malware. If you just want to get started on using MainDab, skip to the next section.

### MainDab, as in the application

MainDab acts as a frontend for interfacing with Roblox exploit APIs (libraries). If you were to download a Roblox exploit, the frontend for an exploit is where you are most likely to obtain malware from.

#### Things proving MainDab is not a virus

In summary, MainDab does not hide what it does from you, the user.

* MainDab has a [single download source](https://maindab.gitbook.io/maindabdocs/downloading-maindab/downloading-maindab-1) - GitHub releases. As a safety precaution, only download MainDab from the MainDab GitHub Releases page.
* MainDab is not obfuscated, meaning a [.NET decompiler](https://github.com/icsharpcode/ILSpy) can be used to inspect MainDab's code.
* Applications that support MainDab, such as the WeAreDevs API key system bypass, are not obfuscated. A [.NET decompiler](https://github.com/icsharpcode/ILSpy) can be used to inspect such files.
* MainDab's code is [publicly available on GitHub](https://github.com/Avaluate/MainDab/) and you are free to compile MainDab if you wish.
* MainDab pushing malware would severely damage its reputation, especially considering MainDab is an organisation that has long moved on from Roblox exploiting.

#### Things to be concerned about

* MainDab requires elevated permission ("Run as Administrator") to run. This is due to how the WeAreDevs key system bypass works (i.e. administrator rights are required to run a web server on `localhost:443`). See: [Bypassing WRD Key System](https://maindab.gitbook.io/maindabdocs/maindab-faq/bypassing-wrd-key-system).
* MainDab has auto-update functionality which forces users to update to the newest version of MainDab. If MainDab's GitHub account were to be compromised, [a malicious update could be unknowingly pushed to you](https://www.sciencedirect.com/science/article/abs/pii/S1353485804001023).

#### VirusTotal Scans

VirusTotal is a service that scans files for potentially malicious items. VirusTotal scans are not as effective as decompiling MainDab and seeing the true nature of how MainDab operates.

As of MainDab 15.2 REL (21 June 2025), here are the scanned items:

* MainDab.exe: <https://www.virustotal.com/gui/file/8717587f29cb3b6a1106097b6a836726d5bb494345389c83f73e43bf6945c3a1?nocache=1>
* MainDabDownloader.exe: <https://www.virustotal.com/gui/file-analysis/MzY4M2NhOGQ3ODFhY2I1MGJhNDQ1NGQ0YmY2YzJiZTY6MTc1MDUwMDMzOA==>
* MainDabWRDWrapper.exe: see results for MainDabWRDWrapper.dll
* MainDabWRDWrapper.dll: <https://www.virustotal.com/gui/file/8adb02765cf9eb674e19b55eaede29ba398ddb720f1404e4194e2890dbbf9c1b?nocache=1>
* WRDFakeServer.exe: <https://www.virustotal.com/gui/file-analysis/Y2FhOGNlMDNhZDk5NjljNGMzOTcwMmQ4YjU3Y2Q3ODc6MTc1MDUwMDY0OQ==>

### WeAreDevs, as in the API

MainDab acts as a front end for the WRD API and as such cannot control what WRD actually does. WRD API downloads files on its own.

#### Things proving WRD is not a virus

* Since WeAreDevs' creation around 2017 (or perhaps earlier), there has not been a single case of WRD being malware.
* MainDab, since its creation on 22 February 2020, has used the WRD API. No malware was reported from the use of WRD.
* None of the binaries used by WRD API are obfuscated.

#### Things to be concerned about

* WeAreDevs provides no documentation whatsoever on how it operates; it [only provides information on functions exported](https://wearedevs.net/d/Exploit%20API).
* For instance, WRD creates a folder called `jjploit` in your Documents directory without telling the user. WRD also hides the debugging console from the user (which MainDab mitigates). It is unknown why WRD chooses to hide debugging information from the user.
* WRD also has its own [auto-update functionality](https://www.sciencedirect.com/science/article/abs/pii/S1353485804001023), as MainDab does.

#### VirusTotal Scans

As of MainDab 15.2 REL (21 June 2025):

* exploit.dll: <https://www.virustotal.com/gui/file/c1c370e446528a0dccaaceba5e0f3004a3a824b794e2706467b40bd4b5b9e84c>
* injector.exe: <https://www.virustotal.com/gui/file/81eb701f0e4f8933610ff02835fffd896e3b6f3a9e410be1fe5fe50ef40a6490>
* WRD.dll: <https://www.virustotal.com/gui/file/1dc9d6fc9015eee05d40c876b622bef542292f2d81382dbf0845ff82ed18d25d>
* wearedevs\_exploit\_api.dll: <https://www.virustotal.com/gui/file/567c197658cb3fe2b1d5936b20d0da5cca7a5b505a9da10d4003f5af8b8d0705>
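
The VirusTotal `/gui/file/` links listed on this page each embed the SHA-256 of the scanned file, so a downloaded copy can be compared against them. The script below is an added example, not part of MainDab or its documentation; the function names and the folder argument are assumptions, and the hashes apply only to the 15.2 REL files listed here.

```python
import hashlib
import re
import sys
from pathlib import Path

# VirusTotal links copied from this page (MainDab 15.2 REL). /gui/file-analysis/
# links carry no file hash, so those two files cannot be pinned this way.
VT_LINKS = {
    "MainDab.exe": "https://www.virustotal.com/gui/file/8717587f29cb3b6a1106097b6a836726d5bb494345389c83f73e43bf6945c3a1?nocache=1",
    "MainDabWRDWrapper.dll": "https://www.virustotal.com/gui/file/8adb02765cf9eb674e19b55eaede29ba398ddb720f1404e4194e2890dbbf9c1b?nocache=1",
    "exploit.dll": "https://www.virustotal.com/gui/file/c1c370e446528a0dccaaceba5e0f3004a3a824b794e2706467b40bd4b5b9e84c",
    "injector.exe": "https://www.virustotal.com/gui/file/81eb701f0e4f8933610ff02835fffd896e3b6f3a9e410be1fe5fe50ef40a6490",
    "WRD.dll": "https://www.virustotal.com/gui/file/1dc9d6fc9015eee05d40c876b622bef542292f2d81382dbf0845ff82ed18d25d",
    "wearedevs_exploit_api.dll": "https://www.virustotal.com/gui/file/567c197658cb3fe2b1d5936b20d0da5cca7a5b505a9da10d4003f5af8b8d0705",
}

def sha256_from_vt_url(url):
    """Return the SHA-256 embedded in a VirusTotal file link, or None."""
    m = re.search(r"/gui/file/([0-9a-fA-F]{64})(?:[/?#]|$)", url)
    return m.group(1).lower() if m else None

def sha256_of(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def check_folder(folder, links=VT_LINKS):
    """Map each pinned name to 'match', 'MISMATCH', 'missing' or 'no-hash'."""
    report = {}
    for name, url in links.items():
        expected = sha256_from_vt_url(url)
        found = [p for p in Path(folder).rglob(name) if p.is_file()]
        if expected is None:
            report[name] = "no-hash"
        elif not found:
            report[name] = "missing"
        else:
            ok = all(sha256_of(p) == expected for p in found)
            report[name] = "match" if ok else "MISMATCH"
    return report

if __name__ == "__main__":
    # The folder to check is an assumption: pass it as the first argument.
    results = check_folder(sys.argv[1] if len(sys.argv) > 1 else ".")
    for name, status in results.items():
        print(f"{status:9} {name}")
    sys.exit(1 if "MISMATCH" in results.values() else 0)
```

A `MISMATCH` means the file on disk is not the one that was scanned; after an auto-update this is expected, because a newer release has different hashes than the 15.2 REL links above.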

