Reflective DLL injection is an AV evasion technique that requires storing malicious code in memory, and then using appropriate APIs to load it as an DLL. Windows does not expose any API directly capable of loading in-memory DLL, so the attacker must write his own.