A practical approach on clustering malicious PDF documents