There are a couple of shellcodes where Malzilla's Shellcode analyzer can't help.
In such case, copy the shellcode to HexView page and click on Disassemble.
Scroll down the disassembled content, and see if there is a error message.
If there is one, saying that there is an unexpected byte at some address, it means that from that address on there is a content that need to be decoded (e.g. XOR).
Scroll the disassembled content and search for first occurrence of XOR instruction, e.g. XOR [EPB], AL.
If XOR is using AL for XOR key, search what is put in AL. In most of the cases, just a couple of instructions before XOR, you should see an instruction which put something in AL (e.g. MOV AL, 0x000000EE). Now you got the XOR key.
Malzilla can do XOR decoding (HexView tab).
As for now, it can't do other operations that are also used for encrypting (ROR, ROL, ADD, SUB etc.)