fexecve is just a wrapper of execve using "/proc/self/fd/3" as binary location. (with fd=3 pointing to a mmapped binary)
In 2014 you could still use a tmpfs location exec from it and unlink binary, but it generate a lot of artifacts.
With linux kernel > 3.16 you can use memfd_* syscalls to achieve same thing in cleaner way.
You can look at this rootkit https://github.com/io-tl/degu-lib that uses theses tricks for stealth executions of binaries
