Staging could be a way to get it working. Depending how the first stager is coded, it can be loaded with a reflective dll.
I was experimenting with A/V evasion, but haven't had much luck. I wrong some code that for now just XOR'ed the payload to hide it from AV. The XOR works fine, but when using the memcpy method on the buf that is XOR decrypted, A/V triggers.
Some how, A/V is keeping track of the buf that is XOR'ed and then checks if its copied with memcpy. Have not found a way to bypass that...