Add apt_c16_win64_dropper from nyx0 PR

Add apt_c16_win64_dropper from nyx0 PR
commit: 4c27043a07bedc86ab7665ff66e3a303a42bed44

malware/APT_c16.yar

@@ -78,3 +78,21 @@ rule apt_c16_win_wateringhole
     any of ($str*)
 }
 
+rule apt_c16_win64_dropper
+{
+    meta:
+        Author      = "@dragonthreatlab"
+        Date        = "2015/01/11" 
+        Description = "APT malware used to drop PcClient RAT"
+        Reference   = "http://blog.dragonthreatlabs.com/2015/01/dtl-12012015-01-hong-kong-swc-attack.html"
+
+    strings:
+        $mz = { 4D 5A }
+        $str1 = "clbcaiq.dll" ascii
+        $str2 = "profapi_104" ascii
+        $str3 = "\\Microsoft\\wuauclt\\wuauclt.dat" ascii
+        $str4 = { 0F B6 0A 48 FF C2 80 E9 03 80 F1 03 49 FF C8 88 4A FF 75 EC }
+
+    condition:
+        $mz at 0 and all of ($str*)
+}