There's more...

There are a number of ways this binary could have been polymorphed so that the final size wasn't so large. When examining polymorphed binaries, or binaries that use other obfuscation techniques, no tool is as useful as a debugger for tracking down every register and stack change and for visualizing the deobfuscation process. Whether the binaries we analyze employ simple polymorphism, as we've seen in this chapter, more complex encoding/decoding, or even encryption/decryption, knowing how to work patiently and effectively through each instruction and understand exactly what it does is extremely important. Spend time studying the intricacies of assembly; it will serve you well when analyzing binaries.
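To make the "one instruction at a time" point concrete, the following Python script is an added example (not code from this chapter or its sample binary). It models a hypothetical four-instruction XOR decoder stub, produces several polymorphic variants of the same constructed payload with different keys, and records the register and memory state after every emulated instruction, exactly the view you build up when single-stepping a decoder in a debugger. The payload bytes, the stub layout, and the keys are all assumptions made for illustration.

```python
# Added example: emulate a tiny XOR decoder stub and trace it instruction by
# instruction, the way you would single-step it in a debugger, recording every
# register and memory change.  The stub, payload and keys below are hypothetical
# and are not taken from the binary analysed in the chapter.

from typing import Dict, List, Tuple

# Constructed sample payload: a 5-byte Linux x86 exit(1) stub
# (xor eax,eax / inc eax / int 0x80).  Any byte string works here.
PAYLOAD = bytes.fromhex("31c040cd80")


def encode(payload: bytes, key: int) -> bytes:
    """Produce one polymorphic variant of the payload.

    Each key yields a different encoded byte sequence for the same payload,
    which is what defeats signature matching on the payload bytes themselves.
    """
    if not 0 < key < 256:
        raise ValueError("key must be a non-zero byte")
    return bytes(b ^ key for b in payload)


def polymorphic_variants(payload: bytes, keys: List[int]) -> List[bytes]:
    """Return the encoded form of `payload` under each key (distinct bytes, same payload)."""
    return [encode(payload, k) for k in keys]


def trace_decoder(encoded: bytes, key: int) -> Tuple[bytes, List[dict]]:
    """Emulate the assumed decoder stub and return (decoded bytes, trace).

    Assumed stub (hypothetical):
        mov  ecx, <len>       ; loop counter
        lea  esi, [payload]   ; pointer to the encoded bytes
    decode:
        xor  byte [esi], <key>
        inc  esi
        loop decode           ; dec ecx, jump back while ecx != 0

    Each trace entry is the state *after* one instruction, like a debugger's
    register view after `stepi`, plus the current contents of the payload.
    """
    mem = bytearray(encoded)
    regs: Dict[str, int] = {"ecx": len(encoded), "esi": 0}
    trace: List[dict] = []

    def step(instr: str) -> None:
        trace.append({"instr": instr, "regs": dict(regs), "mem": bytes(mem)})

    step("mov ecx, %d ; lea esi, [payload]" % len(encoded))
    if not encoded:
        return b"", trace  # a real `loop` with ecx == 0 would wrap; keep the model safe
    while True:
        before = mem[regs["esi"]]
        mem[regs["esi"]] ^= key
        step("xor byte [esi], 0x%02x   ; 0x%02x -> 0x%02x"
             % (key, before, mem[regs["esi"]]))
        regs["esi"] += 1
        step("inc esi")
        regs["ecx"] -= 1
        step("loop decode")
        if regs["ecx"] == 0:
            break
    return bytes(mem), trace


if __name__ == "__main__":
    for key in (0x41, 0x7F):
        enc = encode(PAYLOAD, key)
        dec, trace = trace_decoder(enc, key)
        print(f"key=0x{key:02x} encoded={enc.hex()} decoded={dec.hex()}")
        for t in trace:
            print(f"  {t['instr']:<40} ecx={t['regs']['ecx']} "
                  f"esi={t['regs']['esi']} mem={t['mem'].hex()}")
```

Running the script prints two variants with different encoded bytes that both decode to the same payload, and the trace shows the payload emerging one byte per loop iteration while `esi` advances and `ecx` counts down. When working a real sample, the equivalent is watching the decoder's pointer and counter registers in the debugger and dumping the target memory region after each iteration until the loop exits.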
