I had the same issue come up recently. What I did was download the rpm(s) that provide those executables from a centos mirror. I extracted the files from the rpm(s). I then ran an MD5SUM on the known good copy (which was downloaded) against the one on the server. If the MD5SUMs match, then most likely they are okay and are not suspescious. There are circumstances where that wouldn't be the case, like MD5SUMs can be false, but that's usually very rare.