He showed us that malware sometimes uses very few DLLs compared with normal executables.
Here's how to see that using PEiD
I opened a legit program (Cain.exe) in PEiD, clicked the Subsystem arrow, and then the ImportTable arrow.
This shows the DLLS it uses:
Compare that to this Brazilian banking trojan, which loads only one DLL, because it's packed and the only code immediately executable is the unpacker.