It would take a disassembler, a practical understanding of assembly, and, while not required, an in-depth understanding of an undergraduate Computer Science curriculum wouldn't hurt.
Alternatively, you could try using a debugger instead of a disassembler to understand what it's doing. (I suggest VC++ 2008 Express, as it's one of the more graphical debuggers, but you'll need to configure its symbol server if you don't download the Win32 SDK.) The other two requirements still apply, however.
EDIT: Something like Process Explorer might at least show you the running malware's handles, but it's going to want a debugger with a symbol server.