From bleepingcomputer.com
Windows operating system and antivirus software treat VHD and VHDX disk image downloads like a black box. Scanning the files inside these containers does not happen until the image is mounted and the files run.
VHD and its newer version, VHDX, are disk images that appear and behave like a physical drive when opened in Windows.
Attackers can slip malware inside the disk images and lure potential victims to get them from an online location to bypass initial defenses in Windows.