If I understand correctly, the code does not encrypt itself, it encrypts the malware payload. As to the details of how it executes, I suspect that depends on the vulnerability the malware loader is trying to exploit.
I'll pass your questions along to the researchers. Hopefully they will have the time to answer.
Keep Up with TechRepublic