Windows operating system and antivirus software treat VHD and VHDX disk image downloads like a black box. Scanning the files inside these containers does not happen until the image is mounted and the files run. Windows grants different levels of trust to files, according to their origin. Attackers can slip malware inside the disk images and lure victims to get them from an online location to bypass initial defenses in Windows. Antivirus engines are also tricked, as they don’t check in these containers.
Source: https://www.bleepingcomputer.com/news/security/windows-and-av-software-ignore-malware-in-virtual-disk-files/