VirtualProtect:
https://learn.microsoft.com/en-us/windows/win32/api/memoryapi/nf-memoryapi-virtualprotect

VirtualAlloc:
https://learn.microsoft.com/en-us/windows/win32/api/memoryapi/nf-memoryapi-virtualalloc

memcpy:
https://learn.microsoft.com/en-us/cpp/c-runtime-library/reference/memcpy-wmemcpy?view=msvc-170

most commonly used Windows APIs by malware packers:

VirtualAlloc, VirtualAllocEx	Allocate memory (for payload or shellcode)
VirtualFree, VirtualFreeEx	Free allocated memory
VirtualProtect, VirtualProtectEx	Change memory protection (e.g., make memory executable)
NtAllocateVirtualMemory	Low-level memory allocation
NtProtectVirtualMemory	Change protection using NT API (less monitored by AV)

LoadLibrary, GetProcAddress	Load DLLs dynamically and resolve function addresses
WinExec, ShellExecute	Execute commands or open files
SetThreadContext, GetThreadContext	Modify thread execution (used in hollowing)
QueueUserAPC	Schedule code to run in another thread

