When the virus is loaded into memory, it hooks INT 21h and writes itself to the end of any executable (except AVG.EXE) that is run or opened.
The virus stores the time of the very first infection into the MBR of the hard drive, which is used for its activation.
Memory usage Edit
The exact memory usage is 2,416 bytes.
The virus activates when at least a whole month has been passed, it loads the file allocation table of C: into memory, then corrupts the original one, followed by displaying the message:
Hello dear friend, your computer is attacking by NIGHT KING I. virus. If do you like your data very much, don't reset your computer before midnight !
A clock is also displayed at the bottom of the message box, if the user waits until midnight, the virus will restore the FAT, followed by hanging the system (the user can reset the computer after that). Otherwise the system will not boot if the user resets the computer before the time is up.
Other details Edit
The day of activation is not calculated by comparing the days, but the months and years. For example, the first infection was on Jan 9, then it would not activate in February, but on the first day of March.
If the size of RAM installed is not enough to let the virus to load the whole FAT into it, it would simply hang the system and nothing will be damaged.